The following procedure assumes both the 2008 system running the agent and the 2008 system that is the target of event log collection are on the same domain:
- Create your domain account.
- Add the account to the Event Log Readers group.
- Either on each target host individually or via GPO, ensure that this account has Read access to these two registry keys.
- Run the LogRhythm System Monitor Service with this particular account.
- On the 2008 target system you wish to collect logs from, do the following:
  - Make the domain account created in the first step a member of the local Event Log Readers group.
  - Make sure that the proper firewall ports are open if the system is running Windows Firewall.
  - Make sure any intervening firewalls allow traffic that falls within the Dynamic Port Range (49152-65535) on the target systems.
By default, the entire range is included. However, it can be modified to a different range. Before changing the range, verify with your Windows System Administrator.
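
The target-side steps above can be checked from an elevated PowerShell prompt on the target system. This is an added example, not part of the original procedure or of LogRhythm's documentation; the account name is a placeholder, and the built-in "Remote Event Log Management" firewall rule group and English-language `netsh` output are assumptions.

```powershell
# Added example. Run from an elevated prompt on the 2008 target system.
# Assumption: CONTOSO\svc-logcollect is a placeholder for your domain account.
$Account = 'CONTOSO\svc-logcollect'

# Local "Event Log Readers" membership: add the account only if it is missing.
$members = net localgroup "Event Log Readers" | ForEach-Object { $_.Trim() }
if ($members -contains $Account) {
    Write-Output "OK: $Account is a member of Event Log Readers"
} else {
    net localgroup "Event Log Readers" $Account /add
    if ($LASTEXITCODE -ne 0) { Write-Warning "Could not add $Account to Event Log Readers" }
}

# Windows Firewall: show each inbound rule of the built-in group and its Enabled state.
# Assumption: this rule group is the one that covers remote event log reads here.
# To enable it:
#   netsh advfirewall firewall set rule group="Remote Event Log Management" new enable=yes
netsh advfirewall firewall show rule name=all dir=in |
    Select-String -Pattern '^Rule Name:\s+Remote Event Log Management' -Context 0,2

# Dynamic port range actually configured on this host (default is 49152-65535).
# Assumption: netsh output is in English; the labels differ on localized systems.
$start = 0; $count = 0
$dyn = netsh int ipv4 show dynamicport tcp | Out-String
if ($dyn -match 'Start Port\s*:\s*(\d+)')      { $start = [int]$Matches[1] }
if ($dyn -match 'Number of Ports\s*:\s*(\d+)') { $count = [int]$Matches[1] }

if ($start -gt 0 -and $count -gt 0) {
    $end = $start + $count - 1
    Write-Output "Dynamic TCP port range on this host: ${start}-${end}"
    if ($start -ne 49152 -or $end -ne 65535) {
        # A modified range means intervening firewalls must match it, not the default.
        Write-Warning "Range differs from the default; intervening firewalls must allow ${start}-${end}"
    }
} else {
    Write-Warning "Could not parse the dynamic port range from netsh output"
}
```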